Modern computer systems place a high importance on security of user access to computing resources and on maintaining current and accurate polices for the permissions of computer system users to access those computing resources. Resource owners, and other administrators of resources, often use such computing resource policies to control access by computer system users to computing resources in order to support the business needs of the resource owners, administrators, and users. In a computer system where many users may have several assigned roles, permissions, or policies associated with and relating to many different computing resources, maintaining user roles, permissions, or policies can grow increasingly complex, particularly as the size and/or complexity of the system or the number of computer system users increases.
Accordingly, a resource owner may grant access to resources in order to perform one or more actions on behalf of the resource owner while simultaneously ensuring the security of resources. However, determining the level of access to these resources that should be granted to other users can be difficult and pose several problems. For instance, determining what permissions are sufficient to enable users to access these resources can be time and labor intensive. Further, the resource owner can inadvertently provide users with overly-broad access to the computing resources.